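# Builds the backend, frontend and osm-userinfo images, pushes them to GHCR,
# then connects to the EC2 testing host over SSH to pull and restart them.
name: Deploy to Testing Environment

on:
  push:
    branches:
      - develop
  workflow_dispatch:

# Least privilege for the job's GITHUB_TOKEN: read the repository for checkout,
# write packages so the images can be pushed to GHCR.
permissions:
  contents: read
  packages: write

env:
  REGISTRY: ghcr.io
  IMAGE_PREFIX: ${{ github.repository }}

jobs:
  deploy:
    name: Build and Deploy to EC2 Testing
    runs-on: ubuntu-latest
    environment: Development
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      # NOTE(review): this third-party action receives the SSH private key.
      # Pin it to a full commit SHA instead of a mutable tag so that a
      # re-pointed tag cannot change the code that handles the key.
      - name: Setup SSH
        uses: webfactory/ssh-agent@v0.9.0
        with:
          ssh-private-key: ${{ secrets.EC2_SSH_KEY }}

      # NOTE(review): ssh-keyscan run at deploy time trusts whatever host key
      # the network returns on this run, so it does not authenticate the
      # server. Prefer writing a host key that was verified out of band
      # (stored as a repository secret or variable) into known_hosts.
      - name: Add EC2 host to known hosts
        env:
          EC2_HOST: ${{ secrets.EC2_HOST }}
        run: |
          mkdir -p ~/.ssh
          ssh-keyscan -H "$EC2_HOST" >> ~/.ssh/known_hosts

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Log in to GitHub Container Registry
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      # The build steps read REGISTRY / IMAGE_PREFIX (workflow-level env) and
      # GITHUB_SHA (runner default) as shell variables rather than pasting
      # expression values into the script text, and quote every expansion.
      - name: Build and push backend image
        run: |
          image="${REGISTRY}/${IMAGE_PREFIX}-backend"
          docker build -t "${image}:latest" \
            -t "${image}:${GITHUB_SHA}" \
            --target dev \
            ./backend
          docker push "${image}:latest"
          docker push "${image}:${GITHUB_SHA}"

      - name: Build and push frontend image
        run: |
          image="${REGISTRY}/${IMAGE_PREFIX}-frontend"
          docker build -t "${image}:latest" \
            -t "${image}:${GITHUB_SHA}" \
            --target dev \
            ./frontend
          docker push "${image}:latest"
          docker push "${image}:${GITHUB_SHA}"

      - name: Build and push osm-userinfo image
        run: |
          image="${REGISTRY}/${IMAGE_PREFIX}-osm-userinfo"
          docker build -t "${image}:latest" \
            -t "${image}:${GITHUB_SHA}" \
            ./osm-userinfo
          docker push "${image}:latest"
          docker push "${image}:${GITHUB_SHA}"

      - name: Deploy to EC2
        # Only the values the script actually references are exposed to this
        # step; POSTGRES_PASSWORD was not used by the script and is omitted.
        env:
          EC2_HOST: ${{ secrets.EC2_HOST }}
          EC2_USER: ${{ secrets.EC2_USER }}
          COOKIE_SECRET: ${{ secrets.COOKIE_SECRET }}
          OSM_CLIENT_ID: ${{ secrets.OSM_CLIENT_ID }}
          OSM_CLIENT_SECRET: ${{ secrets.OSM_CLIENT_SECRET }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          GITHUB_ACTOR: ${{ github.actor }}
        run: |
          # Deploy via SSH (using ssh-agent from webfactory/ssh-agent action).
          #
          # The remote script is sent through a QUOTED heredoc so the runner
          # never expands anything inside it. Secret values are emitted first
          # as shell-quoted assignments (printf %q), so quotes, spaces or
          # shell metacharacters inside a secret cannot alter the commands
          # executed on the host. Everything travels over ssh's stdin, not on
          # the remote command line.
          # NOTE(review): assumes bash is available on the EC2 host, because
          # %q output is bash syntax - confirm.
          {
          printf 'COOKIE_SECRET=%q\n' "$COOKIE_SECRET"
          printf 'OSM_CLIENT_ID=%q\n' "$OSM_CLIENT_ID"
          printf 'OSM_CLIENT_SECRET=%q\n' "$OSM_CLIENT_SECRET"
          printf 'GITHUB_TOKEN=%q\n' "$GITHUB_TOKEN"
          printf 'GITHUB_ACTOR=%q\n' "$GITHUB_ACTOR"
          cat << 'EOF'
          set -e

          # Replace an existing KEY=... line in ./.env with KEY=VALUE.
          # The value is escaped for sed's replacement syntax (backslash, &
          # and the | delimiter) so it is written literally.
          set_env_value() {
            escaped=$(printf '%s' "$2" | sed -e 's/[\\&|]/\\&/g')
            sed -i "s|^$1=.*|$1=${escaped}|" .env
          }

          # Navigate to application directory
          cd /home/admin/login || exit 1

          # Configure git safe directory
          git config --global --add safe.directory /home/admin/login

          # Pull latest changes (reset to avoid divergent branches)
          git fetch origin develop
          git reset --hard origin/develop

          # Create/update backend .env file with secrets
          cd backend
          if [ ! -f .env ]; then
            cp .env.example .env
            echo "✓ Created backend .env from .env.example"
          fi

          # Update secrets in backend .env
          set_env_value COOKIE_SECRET "$COOKIE_SECRET"
          set_env_value OSM_CLIENT_ID "$OSM_CLIENT_ID"
          set_env_value OSM_CLIENT_SECRET "$OSM_CLIENT_SECRET"
          echo "✓ Updated backend secrets"

          # Go back to root
          cd /home/admin/login

          # Login to GitHub Container Registry (token is read from stdin)
          printf '%s' "$GITHUB_TOKEN" | docker login ghcr.io -u "$GITHUB_ACTOR" --password-stdin

          # Pull latest images
          docker compose pull

          # Restart services with dev profile (uses dev services)
          docker compose --profile dev up -d --force-recreate --pull always

          # Clean up old images
          docker image prune -af

          echo "✓ Deployment completed successfully"
          EOF
          } | ssh "$EC2_USER@$EC2_HOST" 'bash -s'

      - name: Notify deployment status
        if: always()
        env:
          # Passed through the environment instead of being interpolated
          # into the script text.
          JOB_STATUS: ${{ job.status }}
        run: |
          if [ "$JOB_STATUS" = 'success' ]; then
            echo "✓ Deployment to testing environment successful"
          else
            echo "✗ Deployment failed"
            exit 1
          fi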